I have
been successfully configuring Local Group Policy on a W2K standalone
PC for some time. The machine is in a public location and we have locked it down
so that no-one can mess with the setup and can only access a couple of
applications. The only people who can log on and make changes are members
of the local admin group.
As you
all probably know, it is simple to provide this security by simply removing the
read access to the %systemroot$\system32\group policy directory for anyone you
dont want to process the Local GPO. Modify the ACL in this way stil allows the
admins to access the GP editor.
My
problem is that it doesnt work under XP. I know this is a W2K post but wondered
if anyone else had had the same problems.
If you
explicitly deny read access to the directory for administrators, the Local GPO
is not applied but you also have no way to then run the GP editor unless you go
through the hassle of changing all the permissions on the
directory.
I need
to find a way to implement Local GPO's for XP in the same way they work for
W2K
Any
advice ?
Cheers,
Mark
